Package brontosaurus
Short Description PHP security auditor for websites
License MIT
Homepage https://brontosaurus.leonardini.dev
Brontosaurus

Brontosaurus is a security tool for your PHP website.
Current features include:
- Form token validation
Table of Contents
- Installation
- Getting Started
- Form Tokens
- Configuration
Installation
The easiest way to install Brontosaurus is with Composer, by requiring the package leonardini/brontosaurus.
If you prefer, you can download the latest release and manually add the files to your project. Keep in mind that this is discouraged, as you will not be able to update the library easily.
WARNING: if you install manually, make sure to require_once every file inside the src folder.
Getting Started
NOTICE: this tutorial assumes that you have installed Brontosaurus using Composer. If you haven't, you can still follow it, but some steps will differ.
To use Brontosaurus you have to require_once the autoload.php file inside Composer's vendor folder.
This is the only thing you need to do to get Brontosaurus and all its tools up and running. For a usage example, see the next section about Form Tokens.
Form Tokens
When your website has a form, you usually want to accept submissions only from your own page and not from other sources, such as unauthorized third-party services (cross-site request forgery).
Keep in mind that this problem cannot be completely solved: a token only proves that the submitter was able to load the form page within the same session, so a client that fetches the form first can still submit it. Within that limit, Brontosaurus provides a tool that makes your forms somewhat more secure.
It works by generating a hidden random token every time the form page is loaded. The token is then sent to the server together with the form data and checked against the tokens saved in the session. Because a user may have several browser tabs open, the last 20 tokens are kept in the session (that number is customizable; see the Configuration section).
The code you need on the form page is the following:
To check the validity of the token you will use:
More information about the validation result can be obtained with $validation->getCode(); see the ValidationCode enum.
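The following is an added example, not Brontosaurus code and not its API: it implements the scheme described above (a random hidden token per page load, the last N tokens kept in the session, the submitted token checked against them) in plain PHP so the mechanics are visible. The class name FormTokens, the session key form_tokens, the field name _token and the result codes are assumptions made for this example; the session array is passed in by reference so the helper can be exercised without a real session.

```php
<?php
declare(strict_types=1);

// Added example of the form-token scheme described above. This is NOT the
// Brontosaurus API; every name below is an assumption made for illustration.
final class FormTokens
{
    public const OK        = 0;   // token found in session and consumed
    public const MISSING   = 1;   // no token submitted
    public const MALFORMED = 2;   // not the shape we issue (64 hex chars)
    public const UNKNOWN   = 3;   // well-formed but not one of ours

    private const SESSION_KEY = 'form_tokens';   // assumed key name
    private const FIELD_NAME  = '_token';        // assumed field name

    private array $session;
    private int $maxTokens;

    /** @param int $maxTokens how many recent tokens to keep, to support multiple open tabs */
    public function __construct(array &$session, int $maxTokens = 20)
    {
        $this->session   = &$session;
        $this->maxTokens = max(1, $maxTokens);
    }

    /** Generate a fresh token, remember it in the session, and return the hidden input. */
    public function field(): string
    {
        $token  = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
        $list   = $this->session[self::SESSION_KEY] ?? [];
        $list[] = $token;
        // Keep only the newest $maxTokens, so the oldest tab's token expires first.
        $this->session[self::SESSION_KEY] = array_slice($list, -$this->maxTokens);

        return '<input type="hidden" name="' . self::FIELD_NAME . '" value="'
             . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
    }

    /** Validate a submitted token; on success it is removed so it cannot be replayed. */
    public function validate(?string $submitted): int
    {
        if ($submitted === null || $submitted === '') {
            return self::MISSING;
        }
        if (!preg_match('/^[0-9a-f]{64}$/', $submitted)) {
            return self::MALFORMED;
        }
        $list = $this->session[self::SESSION_KEY] ?? [];
        foreach ($list as $i => $stored) {
            // Constant-time comparison so timing does not leak matching prefixes.
            if (hash_equals($stored, $submitted)) {
                unset($list[$i]);
                $this->session[self::SESSION_KEY] = array_values($list);
                return self::OK;
            }
        }
        return self::UNKNOWN;
    }
}

// Usage on a page that both renders and receives the form.
session_start();
$tokens = new FormTokens($_SESSION);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $code = $tokens->validate($_POST['_token'] ?? null);
    if ($code !== FormTokens::OK) {
        http_response_code(403);
        exit('Form token rejected (code ' . $code . ')');
    }
    // ... handle the trusted submission here ...
}

echo '<form method="post">', $tokens->field(), '<button>Send</button></form>';
```

Two design choices worth noting: the submitted value is compared with hash_equals rather than ==, and a token is deleted from the session once it has been accepted, so a captured submission cannot be replayed. Neither point is stated on this page about Brontosaurus itself; check the ValidationCode enum and the library's source for its actual behaviour. Remember also that the check only ties a submission to a session that loaded the form, so it complements, rather than replaces, SameSite session cookies and authentication on the receiving endpoint.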
Configuration
Brontosaurus can be configured through a YAML (.yml) file. To load the config file use
You can also unload your custom configuration, which restores the default settings.
This is an example config file: